This is not true, Chad; there is an explicit opt-in process for patients within any patient portal.
There is a specific opt out for the SHER.
It wasn’t clear initially, but from MMH Cyber Breach Update 6 January 2026, MMH stated:
Based on our findings, the incident was limited to 6-7% of our 1.8 million registered users of the ‘My Health Documents’ module on the Manage My Health app.
The “My Health Documents” module is where patients can upload documents themselves:
Documents synced from the PMSs (e.g., via Medtech’s APIs) are not viewable by patients through MMH - only a brief description of the document is visible. Patients need to contact their practice (or Health NZ or their specialist) to actually receive the document, then upload it themselves to the MMH app, which is quite a convoluted process from a user perspective.
This would explain why the percentage of the total user base affected is 6-7%: only those who bothered to go through this process and upload documents to MMH, and also why one of the documents was a credit card statement, which was probably mistakenly uploaded by a user.
The CEO’s communication has not been particularly clear, however. In this RNZ article from last night, where he says “and also uploaded data by the patient”, I think it should read “only data uploaded by the patient”.
Manage My Health CEO: Trust us ‘even though we have dropped the ball’ | RNZ News
Ramayah said nothing in their doctor’s own database had been breached and taken.
"What has been penetrated is a single module which contains health documents from a specialist referral, from discharge summaries… and also uploaded data by the patient.
“And there is a function called help documents, that function was what was penetrated and that function has anything you as a patient can upload, not what your doctor uploads,” he said.
This is more extensive than just documents being uploaded by patients. I’m a GP in Northland with a practice of 12,500 and have 6400 patients actively using Manage My Health and have a tally on 6356 of upload/hacked documents - the vast majority are transfer of care documents and outpatient letters which will often contain full lists of patient classifications and medications. Patients rarely upload documents to us and if they do they can be quite sensitive information like photographs and insurance forms for completion.
The 6-7% figure will be heavily skewed to Northland practices, with 45 practices in Northland affected where there is a high portal uptake and the Health Documents upload process has been in place for a year or more. In my opinion, saying “a single module” is affected downplays the detail and depth of sensitive patient information that is contained in discharge summaries/outpatient letters which often list a patient’s full medical history and medications.
How did these get into MMH? Uploaded by the practices manually?
As a relative outsider, that module looks like it is patients-only, but perhaps that isn’t the case.
Happy NY Nathan. My understanding is that the Northland DHB documents were sent via HealthLink with a copy to the GP (long-standing usual process) but also a copy sent to Manage My Health (new process). Prior to the project in Northland last year, the transfer of care documents/outpatient letters weren’t available to Manage My Health because they couldn’t be extracted from the practice, and this remains the case and the documents are copies given to Manage My Health.
As Northland practices we still haven’t been given clear and transparent communications about where the hack occurred, but I think it’s not from GP data, it’s been due to security flaws in the Manage My Health data. We remain unable to talk to our patients about what has happened and how they may be impacted. We are now Day 10 post-hack. This is a shambles.
Andrew
Exceptional skills in all disciplines of IT are required, not just security. I do not know what is going on at MMH or the skill level of their developers and testers, but I have struggled to even log in the past couple of days using my username and password. I am waiting on some results, so today, unable to log in again using my username and password, I selected the ‘one time code’ option to log in to see if this would work… This logged me in immediately WITHOUT ENTERING THE CODE sent!!! I have a background of working in development and testing for major NZ banks so I know what is involved in tightening security and mitigating new threats. MMH need to do better.
I’ve just tried to log in and was made to change my password and logged in. Would be interesting to know if all MMH users’ accounts have been set to change their password.
I agree with you that MMH as a business can do better. But we need more information about why they are being opaque before we judge them.
That’s more than I can do - I can’t even get the login page to open.
Cheers Inga
It would be good to know if this is a GP practice decision or a MMH decision to lock people out of the tool until the cyber incident has been resolved.
Interesting.
For what it is worth, I have had no trouble logging in to MMH throughout the last week, and that includes today.
And I have been affected directly. I have written about it here.
Cheers, Ben.
This quote clarifies what was breached, and is consistent with the comments in this Topic:
Tilyard expanded on what he said were three categories within the breach relating to three years of data between 2017 and 2019.
The first was Northland hospital discharge summaries, he said.
“So these only affect patients who were resident in that Northland area in those years, 2017 to 2019. We now know that many of them have shifted.”
The second category was material uploaded by patients themselves.
"It could be, for instance, I’ve notified via the portal that I’ve changed my address. It could be that I’ve actually uplifted my home blood pressure recording, or my weight.
“So these are patient-generated documents.”
The third was referral documents.
From here:
Some insights from academic experts in this article: Manage My Health data breach - Expert Reaction - Science Media Centre
I think you are right, Andrew, and in fact I was annoyed patients outside Northland did not have access to ‘embedded pdfs’, e.g. clinic and private provider reports to us.
Here’s what I have posted on a different thread, and the comment about gutting of data team at HNZ is worrying (And known!)
Many an assumption being made by the GP regarding health literacy,
I wonder who made that decision that MMH should retain data from ex-users, so it could serve as a de facto electronic health record for primary health data. It’s a big call for the health sector with many strategic implications, so how was it arrived at? I can see the temptation - keeping consumer data in MMH would be easier up-front than migrating the data to a new system, and redoing all the integrations. Maybe it was just an interim solution. But in hindsight that has turned out to be a pretty big chunk of technical debt, and risk!
I assume MMH was deriving income from providing this shadow EHR service? From a commercial point of view, this feels like a bad deal for GPs/PHOs.
From a data governance point of view for MMH - yes data is an asset, but be careful of trying to own assets that are no longer part of your core business (i.e. the data of your ex-users), and remember that ownership of assets also comes with liability and risk!
…and ethical debt. I worry about unmanaged data like this that lives in what you call a ‘shadow EHR’ and its safety and ethical risks.
Unable to access; continual error messages.
For me it was opt-in, but I was an early adopter.
This excellent article outlines the cyber security pragmatics, as well as some astute observations about our government’s response to date:
Hi @andrew.miller, your understanding is correct; I recently learned that the Northland district Te Whatu Ora dictation system is integrated with MMH such that transfer of care documents (and possibly other dictated letters) are sent to MMH in addition to the patient’s enrolled GP and referrer.
This is the only district with this particular integration, and I believe it was implemented in 2020/21 in order to make these documents electronically accessible to their patients.